AMD confirms that their products are unaffected by Fallout and RIDL vulnerabilities
Intel processors are impacted by these security flaws
Published: 15th May 2019 | Source: AMD |
AMD confirms that their products are unaffected by Intel's Fallout and RIDL vulnerabilities
In their statement, AMD claims that their products are built "with security in mind" and that the company's internal analysis and discussions with security researchers have confirmed that both RILD and Fallout do no affect the company's processors. AMD's language states that they "believe" their processors are not susceptible, though reading past the legalese it seems clear that as far as AMD is concerned (at least internally), their products are safe.
AMD's statement on their Product Security microsite makes no mention of Intel's ZombieLoad attack, though official statements (Guruof3D) to other websites have confirmed that ZombieLoad poses no threat to AMD's products. At this time it appears that AMD's implementation of SMT is more secure than Intel's, though it is worth noting that Intel's processors are more prevalent and likely has more security analysts probing them for weaknesses.
At AMD we develop our products and services with security in mind. Based on our analysis and discussions with the researchers, we believe our products are not susceptible to ‘Fallout’ or ‘RIDL’ because of the hardware protection checks in our architecture. We have not been able to demonstrate these exploits on AMD products and are unaware of others having done so.
For more information, see our new whitepaper, titled “Speculation Behavior in AMD Micro-Architectures.”
Why aren't AMD's CPUs vulnerable to the same exploits as their Intel counterparts? The simple answer is that AMD's CPUs are based on a fundamentally different design, as while SMT is available with Ryzen, memory handling and security are implemented differently, making AMD immune to the security weaknesses of Intel's core processors.
In fairness, the reverse is also true for Intel, as if a similar flaw was found inside AMD's Ryzen CPUs, Intel would likely be immune to it. That said, Intel remains as the king of the x86 market, both in client systems and in servers, making them the more attractive target for security researchers and analysts. It makes more sense to look for flaws inside Intel processors, as such flaws would undoubtedly impact a larger userbase. In this respect, sometimes it isn't good to be the king.
You can join the discussion on AMD's confirmation that their processors are not impacted by Fallout or RIDL on the OC3D Forums.